[
https://issues.apache.org/jira/browse/KNOX-730?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
jeff updated KNOX-730:
----------------------
Attachment: hadoop_dev.cer
> pac4jRequestedUrl = null after saml2 assertion is parsed
> --------------------------------------------------------
>
> Key: KNOX-730
> URL: https://issues.apache.org/jira/browse/KNOX-730
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 0.9.0
> Environment: rhel
> Reporter: jeff
> Labels: idp, security
> Attachments: hadoop_dev.cer
>
>
> We are working with a Hadoop system and trying to get the Knox SAML2 support
> working with our IdP. (Note: this is not Okta but another IdP we use with
> many of our commercial clients, internal and external.)
> We have successfully configured Knox 0.9.0 to handle the redirection to the IdP,
> and we clearly see the assertion being passed back and being parsed by the pac4j
> component and the requested URL being stored.
> HOWEVER, it seems that when Knox goes to retrieve this info, it finds a null.
> (from last line of log snippet below) 2016-07-22 13:16:27,818 DEBUG
> session.KnoxSessionStore (KnoxSessionStore.java:get(90)) - Get from session:
> pac4jRequestedUrl = null
> and therefore the final redirect seems to default to '/' instead of the
> actual requestedurl (in this case
> https://tchdpm01.lmig.com:8445/gateway/knoxsso2/webhdfs/v1/?op=LISTSTATUS)
> 2016-07-22 13:13:03,911 INFO hadoop.gateway
> (GatewayServer.java:startGateway(294)) - Started gateway on port 8,445.
> 2016-07-22 13:15:58,995 DEBUG hadoop.gateway
> (GatewayFilter.java:doFilter(116)) - Received request: GET /webhdfs/v1/
> 2016-07-22 13:15:59,736 DEBUG session.KnoxSessionStore
> (KnoxSessionStore.java:get(90)) - Get from session: pac4jUserProfile = null
> 2016-07-22 13:15:59,737 DEBUG session.KnoxSessionStore
> (KnoxSessionStore.java:set(105)) - Save in session: pac4jRequestedUrl =
> https://tchdpm01.lmig.com:8445/gateway/knoxsso2/webhdfs/v1/?op=LISTSTATUS
> 2016-07-22 13:15:59,833 DEBUG session.KnoxSessionStore
> (KnoxSessionStore.java:get(90)) - Get from session:
> SAML2Client$attemptedAuthentication = null
> 2016-07-22 13:15:59,927 DEBUG session.KnoxSessionStore
> (KnoxSessionStore.java:get(90)) - Get from session: samlRelayState = null
> 2016-07-22 13:15:59,927 DEBUG session.KnoxSessionStore
> (KnoxSessionStore.java:set(105)) - Save in session: samlRelayState =
> 2016-07-22 13:16:16,179 DEBUG hadoop.gateway
> (GatewayFilter.java:doFilter(116)) - Received request: GET /webhdfs/v1/
> 2016-07-22 13:16:16,180 DEBUG session.KnoxSessionStore
> (KnoxSessionStore.java:get(90)) - Get from session: pac4jUserProfile = null
> 2016-07-22 13:16:16,180 DEBUG session.KnoxSessionStore
> (KnoxSessionStore.java:set(105)) - Save in session: pac4jRequestedUrl =
> https://tchdpm01.lmig.com:8445/gateway/knoxsso2/webhdfs/v1/?op=LISTSTATUS
> 2016-07-22 13:16:16,182 DEBUG session.KnoxSessionStore
> (KnoxSessionStore.java:get(90)) - Get from session:
> SAML2Client$attemptedAuthentication = null
> 2016-07-22 13:16:16,268 DEBUG session.KnoxSessionStore
> (KnoxSessionStore.java:get(90)) - Get from session: samlRelayState =
> 2016-07-22 13:16:16,268 DEBUG session.KnoxSessionStore
> (KnoxSessionStore.java:set(105)) - Save in session: samlRelayState =
> 2016-07-22 13:16:27,641 DEBUG hadoop.gateway
> (GatewayFilter.java:doFilter(116)) - Received request: POST /api/v1/websso
> 2016-07-22 13:16:27,813 DEBUG session.KnoxSessionStore
> (KnoxSessionStore.java:set(105)) - Save in session:
> SAML2Client$attemptedAuthentication = null
> 2016-07-22 13:16:27,814 DEBUG session.KnoxSessionStore
> (KnoxSessionStore.java:set(105)) - Save in session: pac4jUserProfile =
> <SAML2Profile> | id: n0251132 | attributes: {Products=[],
> Groups=[cn=ram_am_im_infc_admin,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=ram_am_im_infc_AllUsers,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=lram_portal_claims,cn=Products,ou=Groups,o=Liberty,o=Intranet^cn=lram_portal_billing,cn=Products,ou=Groups,o=Liberty,o=Intranet^cn=kev_test_grp1,cn=Products,ou=Groups,o=Liberty,o=Intranet^cn=cp_planit,cn=products,ou=groups,o=Liberty,o=Intranet^cn=cp_is_users,cn=Products,ou=Groups,o=Liberty,o=Intranet^cn=sec_it_only,cn=products,ou=groups,o=Liberty,o=Intranet^cn=cm_SSL_Remote_Access,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=sec_twofactor_population,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=cp_dashboard_standard,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=ram_AM_IM_Hyp_Admin,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=cm_sasa_scheduling,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=cm_sas,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=cm_sas_adm_99,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=am_wasadmin,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=cm_WASAdmin,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=cm_pwrcntr_admin,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=ets_libertyforge_git,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=ci_ats_datatools_admin,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=cp_capsmlinsecureconnect,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=ci_data_innov_developer,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=cm_DBaaS,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=cp_SS_DBaaS,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=pm_DBaaS,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=ram_DBaaS,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=ci_HadoopPOC,cn=Products,ou=Groups,o=Liberty,o=intranet^cn=ci_Hadoop_RangerPOC,cn=Products,ou=Groups,o=Liberty,o=intranet],
> FirstName=[XXXXXX], PhoneNumber=[], LastName=[XXXXXXXXX], CustomerId=[],
> EmailAddress=[[email protected]]} | roles: [] | permissions: [] |
> isRemembered: false |
> 2016-07-22 13:16:27,818 DEBUG session.KnoxSessionStore
> (KnoxSessionStore.java:get(90)) - Get from session: pac4jRequestedUrl = null
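As an added example (not part of the JIRA message or the Knox code base): a Python script that re-joins the hard-wrapped KnoxSessionStore DEBUG entries in the format quoted in the report and flags any session key read back as null after a non-null write, together with the request each operation happened under. The sample log is constructed with a placeholder hostname, and the function names are hypothetical; only key names, timestamps and requests are reported, not session values.

```python
import re

# Constructed sample in the format quoted above (placeholder hostname).
SAMPLE_LOG = """\
2016-07-22 13:15:58,995 DEBUG hadoop.gateway
(GatewayFilter.java:doFilter(116)) - Received request: GET /webhdfs/v1/
2016-07-22 13:15:59,737 DEBUG session.KnoxSessionStore
(KnoxSessionStore.java:set(105)) - Save in session: pac4jRequestedUrl =
https://gateway.example.com:8445/gateway/knoxsso2/webhdfs/v1/?op=LISTSTATUS
2016-07-22 13:15:59,927 DEBUG session.KnoxSessionStore
(KnoxSessionStore.java:get(90)) - Get from session: samlRelayState = null
2016-07-22 13:16:27,641 DEBUG hadoop.gateway
(GatewayFilter.java:doFilter(116)) - Received request: POST /api/v1/websso
2016-07-22 13:16:27,818 DEBUG session.KnoxSessionStore
(KnoxSessionStore.java:get(90)) - Get from session: pac4jRequestedUrl = null
"""

TS = re.compile(r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) ")
OP = re.compile(r"KnoxSessionStore\.java:(get|set)\(\d+\)\) - "
                r"(?:Get from|Save in) session: (\S+) =\s*(.*)$")
REQ = re.compile(r"Received request: (\S+ \S+)")

def entries(text):
    """Re-join hard-wrapped (optionally '>'-quoted) lines into log entries."""
    out = []
    for raw in text.splitlines():
        line = re.sub(r"^>\s?", "", raw).strip()
        m = TS.match(line)
        if m:                       # a timestamp starts a new entry
            out.append([m.group(1), line[m.end():]])
        elif out and line:          # anything else continues the previous one
            out[-1][1] += " " + line
    return out

def lost_values(text):
    """Reads that returned null for a key whose latest write was non-null."""
    written, request, findings = {}, None, []
    for ts, msg in entries(text):
        if (r := REQ.search(msg)):
            request = r.group(1)    # request the following entries belong to
        if not (m := OP.search(msg)):
            continue
        op, key, empty = m.group(1), m.group(2), m.group(3).strip() in ("", "null")
        if op == "set":
            written[key] = None if empty else (ts, request)
        elif empty and written.get(key):
            findings.append({"key": key, "written_at": written[key][0],
                             "written_during": written[key][1],
                             "read_at": ts, "read_during": request})
    return findings
```

Run `lost_values()` over the full gateway log to see which keys are written during the initial GET and come back null during the `POST /api/v1/websso` callback.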